Description

Technical Field 

This invention relates to a system for handling keys of the kind used in encryption and decryption operations.

Background Art 

It is known to use standard encryptor chips such as the AMD 9568 chip manufactured by Advanced Micro Devices, in teller terminals, such as are used in the financial industry. Such encryptor chips may be used in the transmission of personal or financial data associated with the use of teller terminals.

One of the problems associated with the use of en- 
cryptor chips in financial machines, is that it is difficult 
to keep the encryptor keys associated with the chip in a 
secure manner. Thus, an unauthorized "debugger" or 
an unauthorized user of the application software asso- 
ciated with the terminal is able to compromise the keys. 

Disclosure of the Invention 

It is an object of the present invention to provide a 
system for keeping encryption keys secure once they 
have been installed in the system. 

Therefore, according to one aspect of the present 
invention, there is provided a system for handling keys 
for use in encryption and decryption operations, as set 
forth in claim 1. 

Brief Description Of The Drawings 

One embodiment of the present invention will now 
be described by way of example, with reference to the 
accompanying drawings, in which: 

Fig. 1 is a general schematic view of a preferred embodiment of a system made according to this invention, showing an encryption/decryption module included therein;

Figs. 2A and 2B, taken together, show details of the encryption/decryption module shown in Fig. 1;

Fig. 3 shows the organization of the static RAM or SRAM shown in Fig. 2A;

Fig. 4 shows how the address bits are used to access particular bytes of data from the SRAM;

Fig. 5 is a diagram showing how certain data is transferred to the master port of the ciphering chip shown in Fig. 2B;

Fig. 6 is a schematic diagram showing some additional details of the address and bi-directional multiplexer shown in Fig. 2A;

Fig. 7 is a chart showing various selection conditions associated with the enciphering chip shown in Fig. 2B;

Fig. 8 is a schematic diagram of the system interface shown generally in Fig. 2A;

Fig. 9 shows certain keys associated with "key encrypting key schemes";

Fig. 10 shows the relationship of certain keys associated with "key encrypting key schemes"; and

Fig. 11 is a timing diagram showing certain timing relationships associated with the enciphering chip shown in Fig. 2B.

Best Mode for Carrying Out the Invention 

Fig. 1 is a schematic diagram showing a system 10 made according to this invention. The system 10 includes an encryption/decryption module (E/D module) 12 and an associated terminal 14, including a host CPU 16. The system 10 may also include a central computer 18, although the central computer 18 is not necessary for the system 10.

The terminal 14 may be a financial terminal in which secure data must be stored or processed, for example. The secure data may be financial balances or personal loan data, for example, when the system is used in a financial environment. The terminal 14 includes those components which are within the dashed rectangle 20, and correspondingly, the central computer 18 includes those components which are within the dashed rectangle 22.

The terminal 14 includes a ROM 24, RAM 26, keyboard (KB) 28, display 30, the host CPU 16, and interface logic 32 to enable the terminal to function conventionally. The terminal 14 also has a communications interface (I/F) 34 and a hard disc interface (I/F) 36 which are coupled to a main bus 38. The main bus 38 is also coupled to the host CPU 16 and the E/D module 12. Software or programs for controlling the operation of the terminal 14 may be stored in the ROM 24 or RAM 26 as is conventionally done.

The central computer 18 includes a ROM 40, RAM 42, keyboard (KB) 44, display 46, a CPU 48, and interface logic 50 to enable the central computer 18 to function conventionally. The central computer 18 also has a communications interface (I/F) 52 and a hard disc interface (I/F) 54 which are coupled to the CPU 48 and the communications interface 34 by a bus 56. Software or programs for controlling the operation of the central computer 18 may be stored in the ROM 40 or RAM 42 as is conventionally done.

As a typical illustration of the use of the E/D module 12, the terminal 14 may be required to update some of the totals which are located on a disc 58 associated with the terminal 14. If these totals are stored on the disc 58 in encrypted form, the terminal 14 will access the totals and forward them to the E/D module 12 where they are decoded and returned to the terminal 14. After the terminal 14 is finished with processing the totals, the software or application program associated with the terminal 14 may require that the revised totals be encrypted prior to returning them to the disc 58. In this situation, the terminal 14 sends the revised totals to the E/D module 12 for encryption prior to being stored on the disc 58.

The particular encryption key or keys used in the E/D module 12 may be loaded daily by a manager or officer of the institution in which the terminal 14 is located. There may be more than one such terminal 14 included in the system 10; however, only one is shown to simplify the drawing. If the encryption key or keys remain in the terminal 14 after they are installed by prior art methods, it is possible that an unlawful user of the system may attempt to obtain the keys through various "debugging" routines as previously mentioned. If the manager has to install the encryption keys every day as part of a start up routine, it means that the keys must be stored outside the system 10 where they could also be compromised.

In contrast with the methods discussed in the previous paragraph, once the encryption keys are installed in the E/D module 12, they are no longer accessible to the terminal 14, and consequently, they cannot be obtained through various debugging routines.

The E/D module 12, alluded to with regard to a discussion of Fig. 1, is shown in more detail in Figs. 2A and 2B. One of the features of this embodiment is that the encryption keys are stored in a Static RAM or SRAM 60 which is supported by battery 62. After the encryption keys are written into the SRAM 60, the encryption keys are retained in the SRAM from day to day or after power failures, for example. While a SRAM 60 is normally a read/write device, the SRAM 60, as used in the E/D module 12, is in reality a write only RAM as far as the host CPU 16 is concerned. This means that any debugging software being run by the host CPU 16 or any unauthorized use of software being run on the host CPU 16 can never see the data coming from the SRAM 60. To repeat, once the encryption keys have been installed in the SRAM 60, the SRAM 60 becomes a write only RAM as far as the host CPU 16 is concerned.

Continuing with a general description of the E/D module 12 shown in Figs. 2A and 2B, the particular ciphering chip (designated generally as 64) selected for use with this embodiment is AMD 9568 which is manufactured by Advanced Micro Devices, for example. The ciphering chip 64 is commercially available, and it performs the National Bureau of Standards - Data Encryption Scheme (NBS - DES).

The ciphering chip 64 (Fig. 2B) has three separate ports; they are the auxiliary port (Aux Port) 66, the master port 68, and the slave port 70. The auxiliary port 66 is used to enter all master and working encryption/decryption keys. The master port 68 is used to enter working keys (under certain situations to be described later herein), commands, data, mode commands, and is also used to read data and statuses. The slave port 70 is normally used as an interface to another device; however, in the present embodiment, the slave port is used to return clear text keys back to the SRAM 60.

The ciphering chip 64 (chip 64) performs in the usual way except for those situations which will be differentiated hereinafter. The chip 64 includes the mode register 72, the mode status register 74, the command register 76, the command status register 78, the master key register 80, the encrypt key register 82, the decrypt key register 84, the output register 86, the algorithm unit 88, the input register 90, the Initialization Vector (I.V.) encrypt key register 92, and the I.V. decrypt register 94.

It would appear useful to give an illustration of how the ciphering chip 64 operates. In the simplest of situations, assume that an encryption/decryption (E/D) key is stored as clear text in the RAM 26 of the terminal 14. Suppose, also, that data supplied by the terminal 14 is to be encrypted by the E/D module 12. In this situation, the terminal 14, through its application program, will load the clear text key in the encrypt key register 82 via the auxiliary port 66, and thereafter the data to be encrypted is loaded into the input register 90 via the master port 68. The ciphering chip 64 then takes the E/D clear text key from the encrypt key register 82 and the data from the input register 90 and encrypts the data in the algorithm unit 88. The encrypted data is then transferred to the output register 86 from where it is transferred to the terminal 14 when requested by that terminal. In the embodiment described, the terminal 14 may include a personal computer as the operating platform, for example, and accordingly, the transference of data between the host CPU 16 and the E/D module 12 may be handled as I/O writes or commands.

A feature of this embodiment is that it permits the user to select a particular level of security desired. In the embodiment described, there are three levels of security obtainable; they are:

1. Encryptor only,

2. Secure key storage, and

3. Secure key encrypting operations.

With the first level of security, only the encryptor or ciphering chip 64 is used. This level has already been described in relation to the illustration given for describing the simplest use of the ciphering chip 64. At this level, it is up to the user of the system to provide his or her own level of security.

The second level of security permits the E/D and master keys to be stored in the SRAM 60 for future use. As stated earlier herein, once the keys are written into the SRAM 60, the keys are prevented from unauthorized viewing or accessing.

The third level of security permits the process of decrypting one key with another key. The second and third levels of security will be more readily understood in relation to a discussion of the organization of the SRAM 60 and other aspects of the system 10.

The different areas of the SRAM 60 along with their associated hex addresses are shown in Fig. 3. The areas comprise the master key area 60-1, the working key area 60-2, and the Initialization Vectors (I.V.s) or general purpose area 60-3. In the embodiment described, the master key area 60-1 is comprised of 32 blocks of data, with each block of data including eight bytes. Each block may contain a key which is eight bytes long. Each byte of the key contains a parity bit, so in reality, each master key is 56 bits long, with eight parity bits being included for the eight bytes of data associated with a master key. Naturally, other key lengths could be provided, depending upon a particular application. The working key area 60-2 contains 96 blocks of data. Correspondingly, this area 60-2 can store 96 keys which are organized as already described. And finally, the area 60-3 can store 896 blocks of data, with each block containing eight bytes.

When the host CPU 16 addresses the SRAM 60, the associated software puts out a key number which is placed in a key number latch 96 (Fig. 2A) via the bus 38 and an internal or secure bus 98 which is located on the E/D module 12. A system interface 100 (to be later described herein) is used to couple and uncouple the secure bus from the system bus 38 as alluded to earlier herein. The key number latch 96 is coupled to the local bus 38-1 (Fig. 2A). The latch 96 is comprised of one eight bit latch and a two bit latch (not shown), with eight bits of the address being placed in the eight bit latch and with the remaining highest two bits being stored in the two bit latch.

The key number being described contains ten bits of the 13 bits which are required to access a byte from the SRAM 60. Notice from Fig. 4 that the key number (10 address bits) points to a particular block in the SRAM 60. Notice, also, that the last three bits of the 13 bit address are combinational bits which are outputted by the terminal 14 and which are marked as A0, A1, and A2 in Fig. 4. These combinational bits A0, A1, and A2 may be considered as outputs of a binary counter to obtain eight different outputs to thereby select one of the particular eight bytes of data within a block in the SRAM 60.

The SRAM 60 has a conventional control marked as SRAM control 102 in Fig. 2A. The SRAM control 102 has the usual select (RAM Sel), read (RAM read), and write (RAM write) inputs supplied to it via the bus 98-1 in addition to the combinational bits A0, A1, and A2 already discussed. Once data is put into the SRAM 60, it remains there even though power is shut off due to the back up support by battery 62. When a particular key is to be withdrawn from the SRAM 60 and sent to the ciphering chip 64, it is done so in eight separate cycles, with one eight bit byte being sent in each one of the cycles.

It appears useful to provide some additional details about the particular ciphering chip 64 used. When using the AMD 9568 chip 64 mentioned, there's a special aspect of the chip 64 with regard to handling data going to and from the chip during read and write operations. During an I/O write from the host CPU 16, two cycles of operations are involved. During the first cycle, the host CPU 16 places the address for the particular element being addressed on the bus 98, and during the second half of the cycle, the data to be transferred is placed on the bus 98.

The E/D module 12 has an address and bi-directional data multiplexer circuit (Mux circuit 104) which is shown generally in Fig. 2A and specifically in Fig. 6. The Mux circuit 104 is used when addressing the master port 68. This special aspect mentioned relates to the fact that there are six data lines D7 - D3 and D0 on bus 98-3 going into the master port 68, while there are eight data lines D7 - D0 in the bus 98-2 going to the auxiliary port 66, and eight data lines D7 - D0 coming from the slave port 70 to the SRAM 60 on bus 98-4. The six data lines D7 - D3 and D0 are used for data only, and consequently, the lines AD2 and AD1 coming from the Mux circuit 104 are used for providing address lines during the first half of the cycle mentioned, and the AD2 and AD1 lines are used for transferring data during the second half of the cycle mentioned. The various inputs to the master port 68 are shown in Fig. 5, with the lines AD2 and AD1 being the ones which are used for both address and data values.

Fig. 6 shows more details of the Mux circuit 104 shown in block form in Fig. 2A, and this circuit 104 includes a conventional multiplexer 106. The multiplexer 106 has a conventional Enable input, address select, A1 (Address), and D1 (Data) bits. The first address bit A1 and the first data bit D1 are shown as combined bit AD1 in Fig. 5. When the address is selected on the first portion of the bus cycle mentioned, the input A1 is selected for transference to the master port 68. When the data is to be transferred on the second portion of the cycle, the data bit D1 is selected. There is an additional multiplexing element (not shown) to handle the multiplexing of the second address bit A2 and the second data bit D2 which are shown as combined bit AD2 in Fig. 5. The Mux circuit 104 also includes a three state buffer 108 which is used to transfer data around the multiplexer 106 to the bus 98 for transference back to the host CPU 16 during a read operation. Another latch (not shown) but similar to 3 state buffer 108 is used to transfer the second data bit D2 around the associated multiplexer circuit (not shown) to the bus 98 where these two data bits D1 and D2 are combined with the data bits D7 - D3 and D0 for transference back to the host CPU 16.

Fig. 7 is a chart showing the states of the A2 and A1 inputs to the Mux circuit 104, shown in Fig. 2A, for the various registers and read/write conditions shown. For example, when the inputs A2 and A1 are at 0, the data or input register 90 is selected for a read/write operation.

Some additional points about the enciphering chip 
64 require some additional explanation. In this regard, 
the master key register 80 always stores clear text. 

The mode register 72 is used to tell the enciphering chip 64 how it is to perform; it decides whether the data is to be encrypted or decrypted. The mode register 72 also decides three separate modes or situations; they are:

1. Whether data to be encrypted or decrypted will enter the chip 64 through the master port 68 and exit through the master port 68.

2. Whether encrypted data will enter through the master port 68 and exit through the slave port 70; and

3. Whether clear text data will come in the master port 68 and exit through the slave port 70.

The particular enciphering chip 64 selected supports a fourth mode of operation; however, it is not important for an understanding of this invention.

The mode status register 74 is used to inform the 
host CPU 16 as to the status of the enciphering chip 64. 

The command register 76 tells the enciphering chip 64 what function it is to perform.

The command status register 78 is used to inform the host CPU 16 as to whether or not a command was performed as requested.

Some additional points about the use of the enci- 
phering chip 64 (Fig. 2B) should be mentioned at this 
time; they are: 

1. As used herein, the master port 68 is usually used to transfer data to and from the host CPU 16.

2. The slave port 70 is utilized at the highest level of security or the level three mentioned earlier herein. This occurs when hardware including the system interface 100 (to be described) associated with the E/D module 12 detects that a master key has been taken from the master key area 60-1 of the SRAM 60 and put into the decrypt register 84 via the Aux port 66. The system interface 100 mentioned disables the secure bus 98 from the main bus 38 so that data present in output register 86 of the chip 64 can no longer pass through the master port 68 to the host CPU 16; however, the host CPU 16 can write commands to the chip 64. In effect, the system interface 100 disables the read signal to the master port 68, but the host CPU 16 can still write to the mode register 72, for example, and check on various statuses. The key data in the output register 86 is outputted only to the master area 60-1 via the slave port 70; this is accomplished by a write instruction from the host CPU 16.

As an aside, one of the features of the chip 64 selected for use in this invention is that once a key is written into the registers 80, 82, and 84, it cannot be extracted from the chip 64; however, to remove this data, it is simply written over by the next key coming into these registers. Once a new key is written into the registers 80, 82, or 84, the contents of the output register 86 are also destroyed.

Another characteristic of the chip 64 is that it permits the I.V. encrypt and decrypt registers 92 and 94 to be read by the host CPU 16; consequently, it should be considered as an unsecure part of the E/D module 12. The initialization vectors are stored in the area 60-3 of the SRAM 60. The same techniques of disabling the main bus 38 and transferring the initialization vectors to the SRAM 60 could be employed to provide security for the initialization vectors; however, the master port 68 instead of the slave port 70 would be used for this purpose.

Another feature of this embodiment is that it facilitates the decrypting of keys such as key encrypting key schemes. For example, once an encrypted key is decrypted, one would not want this clear text key to be read out of the E/D module 12; however, one would want to be able to read and write status commands from the host CPU 16 to the E/D module 12. The technique for doing this will be described in more detail hereinafter. In general, the system is set up to force the host CPU 16 to do an I/O write to transfer information either directly to the SRAM 60 or to force the information from the enciphering chip 64 back to the SRAM 60. By using I/O writes, no software debugger or no application software can ever see the data because the buffers and the like in the host CPU 16 are directed away from the host CPU 16, and consequently, there's no way the data can return to the host CPU 16. In other words, the SRAM 60 is treated as a write only port as far as the host CPU 16 is concerned, but data can be written from the enciphering chip 64 to the SRAM 60.

Still another feature of the preferred embodiment is that the SRAM 60 is split or divided into two areas as far as the storing of keys is concerned. The master key area 60-1 permits the highest level of security to allow for "key encrypting key" schemes; this aspect will be discussed in more detail hereinafter. When one key is decrypted by another or second key, with the second key coming from area 60-1 of the SRAM 60, the result is placed in the output register 86 of the enciphering chip 64, for example. Any effort by the host CPU 16 to read the output register 86 through the master port 68 in the example being described, causes the secure bus 98 to be uncoupled from the main bus 38 as previously described.

It should be recalled that while one does not want the secure data or keys to be read back to the host CPU 16, the host CPU 16 still has to communicate with the E/D module 12 to obtain the status information as previously explained. As a general summary, the hardware including the system interface 100 will not let the host CPU 16 read the output register 86 through the master port 68 until:

1. A new decrypt key that is in cleartext is presented to the decrypt key register 84 through the Aux port 66; and

2. The new decrypt key did not come from the master key area 60-1 of the SRAM 60.

3. All eight bytes of the new decrypt key are transferred with no parity errors.
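
The release conditions listed above, together with the block addressing and the lock trigger described elsewhere in this description, can be expressed as a small C model. This is an added example, not part of the patent: the type and function names are hypothetical, and it assumes odd (DES-style) parity per key byte and that the three SRAM areas are contiguous from block 0 in the order the text lists them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Block counts as stated in the description of SRAM 60. */
enum { MASTER_BLOCKS = 32, WORKING_BLOCKS = 96, IV_BLOCKS = 896, KEY_BYTES = 8 };

typedef enum { AREA_MASTER, AREA_WORKING, AREA_IV } sram_area;
typedef enum { SRC_HOST, SRC_SRAM } key_source;   /* hypothetical names */

/* 13-bit byte address: the 10-bit key number selects the block,
 * A2..A0 select one of its eight bytes. */
uint16_t sram_address(uint16_t key_number, uint8_t byte_index)
{
    return (uint16_t)(((key_number & 0x3FFu) << 3) | (byte_index & 0x7u));
}

/* ASSUMPTION: areas are contiguous from block 0 in the order listed;
 * the hex addresses of Fig. 3 are not reproduced in the text. */
sram_area area_of(uint16_t key_number)
{
    key_number &= 0x3FFu;
    if (key_number < MASTER_BLOCKS)
        return AREA_MASTER;
    if (key_number < MASTER_BLOCKS + WORKING_BLOCKS)
        return AREA_WORKING;
    return AREA_IV;
}

/* ASSUMPTION: odd parity per key byte, the DES convention. */
bool odd_parity_ok(uint8_t b)
{
    int ones = 0;
    for (; b; b >>= 1)
        ones += b & 1;
    return (ones & 1) == 1;
}

/* Model of the read gate between output register 86 and the host. */
typedef struct {
    bool read_locked;   /* true: host reads of the output register are blocked */
} ed_gate;

/* Load eight key bytes into the decrypt key register through the Aux port.
 * Returns the gate state after the load (true = still locked). */
bool load_decrypt_key(ed_gate *g, key_source src, uint16_t key_number,
                      bool clear_text, const uint8_t key[KEY_BYTES])
{
    bool from_master = (src == SRC_SRAM) && (area_of(key_number) == AREA_MASTER);
    bool parity_ok = true;

    /* The lock is taken as soon as the first master-area byte moves. */
    if (from_master)
        g->read_locked = true;

    for (int i = 0; i < KEY_BYTES; i++)
        if (!odd_parity_ok(key[i]))
            parity_ok = false;

    /* All three release conditions must hold for the same eight-byte load. */
    if (clear_text && !from_master && parity_ok)
        g->read_locked = false;

    return g->read_locked;
}

/* Constructed sample keys: every byte of GOOD_KEY has odd parity;
 * the first byte of BAD_PARITY_KEY does not. */
const uint8_t GOOD_KEY[KEY_BYTES] =
    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
const uint8_t BAD_PARITY_KEY[KEY_BYTES] =
    { 0x00, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };

int main(void)
{
    ed_gate g = { false };

    printf("byte 7 of key 035 is at SRAM address 0x%03X\n",
           (unsigned)sram_address(0x035, 7));
    printf("master key 010 loaded      -> locked=%d\n",
           load_decrypt_key(&g, SRC_SRAM, 0x010, true, GOOD_KEY));
    printf("host key with parity error -> locked=%d\n",
           load_decrypt_key(&g, SRC_HOST, 0, true, BAD_PARITY_KEY));
    printf("encrypted key load         -> locked=%d\n",
           load_decrypt_key(&g, SRC_HOST, 0, false, GOOD_KEY));
    printf("clear host key, parity ok  -> locked=%d\n",
           load_decrypt_key(&g, SRC_HOST, 0, true, GOOD_KEY));
    return 0;
}
```

The gate only opens when a single load satisfies all three conditions, so a partial or corrupted transfer leaves the output register unreadable by the host.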

Having described the general method of operation of the enciphering chip 64, it appears useful to describe the general functioning of the system interface 100 shown in Figs. 2B and 8. The system interface 100 includes the conventional one way latches such as circuit No. 74LS573 which are referenced as latches 110 and 112, and it also includes the two way latch 114 which is a conventional latch such as circuit No. 74LS245. All these latches mentioned are eight bits wide in the embodiment described.

As seen from Fig. 2A, the system interface 100 shown in Fig. 8 is controlled by five control signals; they are:

1. Latch,

2. Periph (Periphery),

3. Enable Read,

4. Enable 245, and

5. 245 Direction.

The first three signals listed are used to control the one way latches 110 and 112, while the last two signals listed control the latch 114. The latches 110, 112, and 114 form the coupling between the main bus 38 and the secure bus 98. When the signal Latch is active or high and the signal Periph is active or low, data from the host CPU 16 is transferred from the main bus 38 to a local bus 38-1 on which the E/D module 12 and the parallel port and serial port are located. These two ports mentioned provide a coupling to other circuits not important to an understanding of this invention; however, they are shown to illustrate the versatility of the system 10. If the data coming from the host CPU 16 is to be transferred to the SRAM 60 or the encryptor chip 64, itself, the 245 Enb signal will become active or low, and the signal 245 Dir will switch to a state which indicates that the data is to be transferred to the secure bus 98. If the data were to be transferred to a register like the Input data register 90, the data would pass through the latch 110. Upon the occurrence of an Encrypt WR (Write) signal coming from the timing and decode circuit 116 shown in Fig. 2A, the data is written into the input register 90. Near the end of a bus access cycle, as discussed earlier herein, the signal Latch will go low or inactive; in the process, the latch 110 will maintain the data at its output regardless of what happens at the input of the latch 110. This permits the host CPU 16 to put "garbage" on the input side of the latch 110 at the end of its bus access gate without affecting the data on the output side of the latch 110. This provides the necessary data hold times during a "write" to the encryptor chip 64 from the host CPU 16. When the bus access cycle is over, the signal Periph would be disabled, thus isolating the secure bus 98 from the main bus 38.

In order to perform a read operation by the host CPU 16, the signal Enable Read to latch 112 becomes valid for transferring data from the local bus 38-1 to the host CPU 16, and the signal Latch also becomes active or high. If data is to be read from the mode register 72 of the enciphering chip 64, for example, the signal 245 Enable would become active or low, and the signal 245 Direction would become valid for a read operation. It should be pointed out that reading the mode register 72 does not present security problems as far as the E/D keys are concerned, so this reading is permitted by the E/D module 12.

The special encryptor module conditions represented by decoder block 118 are used to discern whether or not certain conditions exist which require that the secure bus 98 be uncoupled from the main bus as discussed earlier herein. The conditions represented by decoder block 118 will be discussed hereinafter. Near the end of the bus access cycle, the signal Latch goes inactive to latch the data from the E/D module 12 into the latch 112 where it is maintained until the host CPU 16 is finished reading the data. Before the host CPU 16 is finished reading the data in the latch 112, the E/D module 12 would have ended its bus access cycle and gone into its idle state.

As stated earlier herein, one of the features of the third level of security made available by the E/D module 12 is that "key encrypting key schemes" are made possible. As an illustration, a bank official (at a secure site) might start out with three all clear text keys as shown in Fig. 9; they are a Master Key, Key #1 and Key #2. Using software associated with the host CPU 16, the official would put Key #1 into the encrypt key register 82 of the enciphering chip 64 and put Key #2 into the input register 90 to enable Key #2 to be encrypted by Key #1, with the encrypted Key #2 appearing in the output register 86 of the chip 64 and becoming the Working Key shown in Fig. 10. A working key is defined as a key to encrypt or decrypt data. The working key may be installed in registers 82 or 84 as clear text in one situation. In another situation, the working key may be entered into the encryptor chip 64 in encrypted form and thereafter it is decrypted by the associated master key which is installed in register 80. The working key, which is now in clear text, may then be installed in the registers 82 or 84 for use in encryption or decryption, respectively. This Working Key of Fig. 10 has the address in the SRAM 60 shown. This same process can be repeated using the Master Key to encrypt Key #1. To repeat the procedure, the clear text Master Key is placed in the encrypt key register 82, the clear text Key #1 is placed in the input register 90, and the algorithm unit 88 in conjunction with the Master Key will generate Key #1 which has been encrypted with the Master Key and place it in the output register 86. Thereafter, Key #1 encrypted with the Master Key will be placed in the memory location shown in Fig. 10. At this point in the explanation, the two keys which have been encrypted can be used by the system 10. The software associated with the host CPU 16 can select these keys for an encryption/decryption operation.

One of the features of the system 10 is that the two encrypted keys which were generated as described in the previous paragraph can be placed over external communication lines without fear of compromise. The Working Key and Key #1 encrypted with Master Key shown in Fig. 10 may be stored in the host CPU 16. An unauthorized user would not gain access to the system 10 because he does not have access to the Master Key, for example.

One of the simplest ways of using the system 10 is to take one of the encrypted keys which may be stored in the host CPU 16 and use it to encrypt or decrypt data. To repeat, the application program in the host CPU 16 would know where the particular keys to be used are stored. Assume that Key #1 encrypted with Master Key will be used by the host CPU 16. The host CPU 16 will send instructions to the E/D module 12 to place the Master Key from area 60-1 of the SRAM 60 into the decrypt register 84. As soon as the first byte of the master key is moved to the auxiliary port 66, the secure bus will be uncoupled from the main bus as previously described. Thereafter, the host CPU 16 would instruct the E/D module 12 that the Key #1 encrypted with Master Key is to be loaded in the input register 90 of the enciphering chip 64. The algorithm unit 88 then generates the clear text Key #1 which is placed in the output register 86. This clear text Key #1 is then routed out the slave port 70 to the master key area at address 010, for example, of the SRAM 60. Thereafter, the software associated with the host CPU 16 would withdraw the clear text Key #1 and place it in the master key register 80 via the Aux port 66 for use in decrypting the new working key (Fig. 10). The encrypted working key would then be installed in the encrypt key register 82 and/or the decrypt key register 84 by the command to load an encrypted E or D key through the auxiliary port 66. Note that before the D key is loaded, the main bus 38 must be reenabled or coupled by the loading of a clear text key into the decrypt key register 84 through the auxiliary port 66. This key cannot come from the master key area 60-1 of the SRAM 60. Also note that this working key would be stored in location 035 in the SRAM 60 in its encrypted form. The data to be encrypted would then be placed in the input register 90 for encryption. The encrypted data would then freely pass out the output register 86 to the host CPU 16. A point to notice here is that when a master key is used to decrypt an encrypted key which is not a working key, the clear text result always goes out the slave port 70 to a designated area of the SRAM 60, and when a clear text master key is used to decrypt a working key, the working key goes into one of the two registers 82 or 84 of the enciphering chip 64. There may be several levels of encryption and decryption of keys as shown by Key A and Key #1 shown in Fig. 10. A general rule to apply when using encrypted keys is that one always needs the clear text key immediately prior to the working key that one intends to use. Using the example given (assuming Key A is not in Fig. 10), because the Key #1 was to be the working key, the clear text Master Key was selected to be placed in the master key register 80 for decrypting the Key #1 encrypted with Master Key.



The means for determining when the secure bus is to be unlocked from
the main bus can best be described in relation to Figs. 2A and 2B. The
decoder block 118 may contain conventional combinational logic or
Programmable Array Logic (PAL) for combining certain input signals to
obtain the required output signals to effect the unlocking and locking
of the secure bus 98. The input signals include the following:

1. AFLAG. 

2. PARITY. 

3. MASTER KEY. 

4. KEY SOURCE. 

5. ANY D, and

6. CLEAR D AUX. 

The AFLAG signal comes from the enciphering chip 
64. Its general function is to indicate (when low) that the 
next byte of data coming from a source is able to be 
transferred to the auxiliary port of the enciphering chip 
64.

The PARITY signal also comes from the encipher- 
ing chip 64. When the PARITY signal from the encipher- 
ing chip 64 is a low level, it indicates that there was an 
error in a particular byte of a key being transferred to 
the chip 64. It should be recalled that each one of the 
eight bytes included in a key, for example, has a parity 
bit. The eight bytes of data which are loaded into the 
auxiliary port of the chip 64 cannot have a parity error 
in them, and also, the AFLAG signal must be active or 
low during the entire time of the transfer 

The MASTER KEY signal is a status byte which in- 
dicates the source of the particular key being trans- 
ferred. MASTER KEY is a signal which is generated by 
looking at the value which is loaded into the key number
latch 96 (Fig. 2A). The upper five bits are looked at, and,
if they are all zero, they indicate that the key is being
accessed from the master key area 60-1 of the SRAM 
60. 

The KEY SOURCE signal is a bit which indicates 
whether the source of the key is from the host CPU 16 
or from the SRAM 60; basically, this signal is decoded 
from the addresses. 

The ANY D signal is a signal which goes active any 
time a load decrypt key command is given to the encryp- 
tor chip. There are four different types of decrypt com- 
mands which may be given; they are: 

1. Load clear decrypt key through the auxiliary port
66.

2. Load clear decrypt key through the master port
68.

3. Load encrypted decrypt key through the auxiliary
port 66.

4. Load encrypted decrypt key through the master
port 68.

The CLEAR D AUX signal is used to indicate that a
command has been given to load a clear text decrypt
key through the auxiliary port 66 of the enciphering chip
64.

To lock the secure bus 98 from the main bus 38 or 
to "uncouple" it therefrom, the ANY D and MASTER KEY 
signals must be active while the KEY SOURCE signal 
indicates SRAM as the source. In other words, the en- 
ciphering chip 64 has been instructed to load a key from 
the master key area 60-1 into the decrypt key register 
84 via the auxiliary port 66. 

To unlock the secure bus 98 or to 'couple' it to the 
main bus 38, the CLEAR D AUX signal must be active 
while the MASTER KEY signal must be inactive. In other 
words, the secure bus 98 becomes coupled to the main 
bus by destroying the contents of the decrypt key reg- 
ister within the enciphering chip 64. This can be done by: 

1. Selecting and writing a clear text key from the 
working area 60-2 of the SRAM 60 through the aux- 
iliary port 66 into the decrypt key register 84 of the 
enciphering chip 64; or 

2. Writing a clear text key from the host CPU 16 into
the decrypt key register 84 via the auxiliary port 66 
of the enciphering chip 64. 

As an aside, it should be recalled that a 56 bit key being utilized in
this invention is loaded into the enciphering chip 64 as a series of
eight bytes of data, with one bit in each byte being a parity bit. In
effect, the AFLAG and PARITY signals coming from the enciphering chip
64 are used to monitor the progress of the key being entered into the
chip 64. In other words, during the loading of the eight bytes of the
key into the chip 64, there cannot be any parity error, and the AFLAG
signal must be active for the entire time of entering the key. By using
the AFLAG and PARITY signals, an effort is made to prevent a debugger
from trying to unlock the secure bus 98 without actually having
destroyed the contents of the decrypt key register 84. Again, by
checking on the parity of the key being entered on a per byte basis, an
effort is made to make sure that the new key being entered actually
destroys the original secure key which was entered into the decrypt key
register 84.

Another point worth mentioning with regard to the particular
enciphering chip 64 selected for use with this invention is that the
AMD 9568 chip has a special reset feature. If the chip receives a
second command before the first command is completed, the second
command is viewed as a reset which clears the chip entirely. When the
chip is in reset state, the AFLAG signal is inactive, and therefore,
the secure bus 98 will not unlock or be coupled to the main bus 38. The
AFLAG signal is active only when there is a valid command to the
enciphering chip 64.
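
The lock and unlock rules described above, written out as a small behavioural model in C. This is an added example, not circuitry or code from the patent; the function names, the AFLAG bit mask, the sample key bytes and the choice of odd byte parity are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: behavioural model of the decoder 118 rules in the text.
   All identifiers are hypothetical; odd byte parity is an assumption. */
enum key_source { SRC_HOST, SRC_SRAM };

/* MASTER KEY: upper five bits of the 10-bit key number latch are all zero,
   i.e. key numbers 000-01F hex (master key area 60-1). */
bool master_key_signal(uint16_t key_number) {
    return ((key_number & 0x3FF) >> 5) == 0;
}

/* One parity bit per key byte; this model assumes odd parity. */
bool parity_ok(uint8_t b) {
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return b & 1;
}

/* Models one "load decrypt key through auxiliary port 66" command (ANY D is
   therefore active). clear_text selects CLEAR D AUX; aflag_mask has bit i set
   when AFLAG was active while byte i was strobed. Returns the new state of
   *locked (true = secure bus 98 uncoupled from main bus 38). */
bool load_d_key_aux(bool *locked, bool clear_text, enum key_source src,
                    uint16_t key_number, const uint8_t key[8],
                    uint8_t aflag_mask) {
    bool master = master_key_signal(key_number);
    if (master && src == SRC_SRAM) {      /* master key heading for port 66 */
        *locked = true;
        return *locked;
    }
    bool complete = (aflag_mask == 0xFF); /* AFLAG active for all eight bytes */
    for (int i = 0; i < 8; i++)
        complete = complete && parity_ok(key[i]);
    /* Unlock only if a clear-text, non-master key really overwrote register 84. */
    if (clear_text && !master && complete)
        *locked = false;
    return *locked;
}

/* Constructed scenario; bit n of the result is the lock state after step n. */
unsigned demo_sequence(void) {
    const uint8_t good[8] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
    const uint8_t bad[8]  = {0x01,0x23,0x45,0x67,0x00,0xAB,0xCD,0xEF}; /* byte 4 fails parity */
    bool locked = false;
    unsigned trace = 0;
    /* 0: master key from SRAM area 60-1 into decrypt key register 84 */
    trace |= load_d_key_aux(&locked, true, SRC_SRAM, 0x000, good, 0xFF) << 0;
    /* 1: clear-text load with a parity error must not unlock */
    trace |= load_d_key_aux(&locked, true, SRC_HOST, 0x040, bad, 0xFF) << 1;
    /* 2: load cut short (AFLAG inactive after byte 2, e.g. chip reset) */
    trace |= load_d_key_aux(&locked, true, SRC_HOST, 0x040, good, 0x07) << 2;
    /* 3: encrypted decrypt key through the auxiliary port: no unlock */
    trace |= load_d_key_aux(&locked, false, SRC_SRAM, 0x040, good, 0xFF) << 3;
    /* 4: complete clear-text key from working area 60-2 unlocks */
    trace |= load_d_key_aux(&locked, true, SRC_SRAM, 0x040, good, 0xFF) << 4;
    return trace;  /* locked after steps 0-3, unlocked after step 4 */
}

int main(void) {
    printf("lock trace: 0x%02X\n", demo_sequence());
    return 0;
}
```

Steps 1 and 2 are the cases the AFLAG and PARITY monitoring exists for: a load that does not actually replace all eight bytes of the decrypt key register leaves the bus locked.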

Again, it should be stated that when the secure bus 98 is uncoupled
from the main bus 38 as described herein, the only function that is
really disabled is the reading of the output register 86 of the
enciphering chip 64 by the host CPU 16. The host CPU 16 is still able
to read mode and status registers, like 72 and 74, as previously
described.

Some additional circuitry included in the means for uncoupling the
secure bus 98 from the main bus 38 is represented by the timing and
decode circuit 116 hereinafter referred to as circuit 116. The signals
associated with the circuit 116 along with a brief description of them
are as follows:

1. RAM WRITE - This signal controls the writing of
data into the SRAM 60 (Fig. 2A).

2. RAM READ - This signal controls the reading of
data from the SRAM 60.

3. ENCRYPT CLK - This clock provides the clock to
the enciphering chip 64.

4. MALE - This signal is the master port address
latch enable, and it is used to latch the addresses
into a latch (not shown) within the enciphering chip
64 during the first half of the bus access cycle.

5. ENCRYPT WR - This signal, when active, is used
to write data into the master port 68.

6. ENCRYPT RD - This signal, when active, is used
to read data from the master port 68.

7. LOAD KEY - This signal, when active, is used to
strobe or write data into the auxiliary port 66. There
is no 'read' signal for the auxiliary port 66 because
of the way the enciphering chip 64 is designed.

8. SLAVE RD - This signal, when active, is used to
read the slave port 70.

Because the enciphering chip 64 selected is a conventional chip,
conventional logic circuitry may be employed in the circuit 116 (Fig.
2A) to provide the appropriate timing relationships. There is one area,
however, which should be mentioned. This area relates to the clock
supplied to the enciphering chip, with the clock being shown in Fig.
11. As far as the clock is concerned, there are certain minimums placed
upon the active and inactive portions of the clock as shown by waveform
A. In order to satisfy some of the requirements of the control signals,
it was necessary to prolong, slightly, the high level portion of the
clock as shown in waveform C. In the embodiment described, the high
level portion of the waveform C was prolonged in multiples of 62.5
nanoseconds (ns).

Extending the high level portion of the clock shown in waveform C was
effected so that the rise of the control signal occurs at a
predetermined time after the fall of the clock shown in waveform C. The
maximum time between the fall in waveform C and the rise in waveform D
is shown by double arrow MT. This maximum time MT for the enciphering
chip 64 selected for use with this invention is 40 nanoseconds for the
master port 68 accesses, and 60 nanoseconds for the auxiliary port 66
and the slave port 70 accesses.

Claims

1. A system for handling keys for use in encryption and decryption
operations, including a host terminal (14) including a processor (16)
adapted to execute instructions and an encryption module (12) adapted
to encrypt and decrypt data and coupled by a first bus (38) to said
host terminal (14), characterized in that said encryption module (12)
includes: a data ciphering chip (64) adapted to encrypt and decrypt
data; storing means (60) adapted to store keys therein; a second and
secure bus (98) adapted to couple said storing means (60) with said
data ciphering chip (64) for transferring said key to said ciphering
chip (64) for use thereby; an interface (100) coupled to said first bus
(38) and to said second bus (98); and logic control means (116, 118)
adapted to control the operation of said interface (100) for coupling
and decoupling said first bus (38) to and from said second bus (98); in
that said interface (100) is controlled by said logic control means
(116, 118) to couple said second bus (98) to said first bus (38) to
enable said keys to be installed in said storing means (60) by said
processor (16); and in that said interface (100) is controlled by said
logic control means (116, 118) to decouple said second bus (98) from
said first bus (38) with regard to accessing said key whenever said key
is to appear on said second bus (98) after being installed in said
storing means (60) by said processor (16).

2. A system according to claim 1, characterized in that one of said
keys is a master key, in that said logic control means (116, 118) is
adapted to determine whenever said master key is to appear on said
second bus (98); and in that said interface (100) is adapted to
disconnect said second bus (98) from said first bus (38) with regard to
accessing said master key whenever said master key is to appear on said
second bus (98) after being installed in said storing means (60) by
said processor (16).

3. A system according to claim 1 or claim 2, characterized in that said
storing means includes a static RAM (60) and a battery support (62) for
said static RAM (60).



Claims (German text, translated)

1. A system for handling keys for use in encryption and decryption
operations, comprising a host terminal (14) that includes a processor
(16) designed to execute instructions, and an encryption module (12)
designed to encrypt and decrypt data and coupled to the host terminal
(14) via a first bus (38), characterized in that the encryption module
(12) comprises: a data ciphering chip (64) designed to encrypt and
decrypt data; a storage device (60) designed to store keys therein; a
second, secure bus (98) designed to couple the storage device (60) to
the data ciphering chip (64) for transferring the key to the ciphering
chip (64) for use thereby; an interface (100) coupled to the first bus
(38) and to the second bus (98); and a logic control device (116, 118)
designed to control the operation of the interface (100) for coupling
and decoupling the first bus (38) to and from the second bus (98);
wherein the interface (100) is controlled by the logic control device
(116, 118) to couple the second bus (98) to the first bus (38) to
enable the keys to be installed in the storage device (60) by the
processor (16); and in that the interface (100) is controlled by the
logic control device (116, 118) to decouple the second bus (98) from
the first bus (38) with regard to accessing the key whenever the key is
to appear on the second bus (98) after it has been installed in the
storage device (60) by the processor (16).

2. A system according to claim 1, characterized in that one of the keys
is a master key, in that the logic control device (116, 118) is
designed to determine whenever the master key is to appear on the
second bus (98); and in that the interface (100) is designed to
disconnect the second bus (98) from the first bus (38) with regard to
accessing the master key whenever the master key is to appear on the
second bus (98) after it has been installed in the storage device (60)
by the processor (16).

3. A system according to claim 1 or claim 2, characterized in that the
storage device comprises a static RAM (60) and a battery backup (62)
for the static RAM (60).


Claims (French text, translated)

1. A system for handling keys for use in encryption and decryption
operations, comprising a host terminal (14) comprising a processor (16)
adapted to execute instructions and an encryption module (12) adapted
to encrypt and decrypt data and coupled by a first bus (38) to said
host terminal (14), characterized in that said encryption module (12)
comprises: a data ciphering chip (64) adapted to encrypt and decrypt
data; a storage means (60) adapted to store keys; a second, secure bus
(98) adapted to couple said storage means (60) to said data ciphering
chip (64) for transferring said key to said ciphering chip (64) for use
by the latter; an interface (100) coupled to said first bus (38) and to
said second bus (98); and a logic control means (116, 118) adapted to
control the operation of said interface (100) for coupling said first
bus (38) to said second bus (98) and for decoupling it therefrom; in
that said interface (100) is controlled by said logic control means
(116, 118) to couple said second bus (98) to said first bus (38) to
allow said keys to be installed in said storage means (60) by said
processor (16); and in that said interface (100) is controlled by said
logic control means (116, 118) to decouple said second bus (98) from
said first bus (38) with regard to access to said key each time said
key is to appear on said second bus (98) after having been installed in
said storage means (60) by said processor (16).

2. A system according to claim 1, characterized in that one of said
keys is a master key, in that said logic control means (116, 118) is
adapted to determine any time at which said master key is to appear on
said second bus (98); and in that said interface (100) is adapted to
disconnect said second bus (98) from said first bus (38) with regard to
access to said master key each time said master key is to appear on
said second bus (98) after having been installed in said storage means
(60) by said processor (16).

3. A system according to claim 1 or claim 2, characterized in that said
storage means comprises a static RAM (60) and a backup battery (62) for
said static RAM (60).






EP 0 377 706 B1 







FIG. 2A
[Drawing not reproduced. Labelled elements: special encryptor module
conditions (AFLAG, PARITY, MASTER KEY, KEY SOURCE, ANY D, CLEAR D AUX,
BUS LOCKED); timing and decode (RAM WRITE, RAM READ, ENCRYPT CLK, MALE,
ENCRYPT WR, ENCRYPT RD, LOAD KEY, SLAVE RD, ENABLE READ, ENABLE 245,
245 DIRECTION); system interface 100 to host CPU 16 on bus 38; key
number latch 96; address and bi-directional data mux; 8K x 8 SRAM 60
with master key area, working key area and I.V. or general purpose
area; SRAM control (RAM SEL, RAM READ, RAM WRITE); battery 62; secure
bus 98.]



FIG. 2B
[Drawing not reproduced. Labelled elements of the enciphering chip 64:
auxiliary port 66, master port 68, slave port 70; mode register, mode
status, command register, command status; master key register 80,
encrypt key register 82, decrypt key register 84; output register 86,
algorithm unit 88, input register 90; I.V. encrypt register, I.V.
decrypt register; AFLAG and PARITY outputs.]



FIG. 3

SRAM 60 areas                            Key number (hex)
60-3  I.V.'s or general purpose area     080 - 3FF
60-2  Working keys                       020 - 07F
60-1  Master key                         000 - 01F



FIG. 4
[Drawing not reproduced. Labels: key number, 10 address bits; A0, A1,
A2, 3 combinational address bits; SRAM 60; bytes 1 to 8.]



FIG. 5

FIG. 11